{"id":96049,"date":"2026-04-09T15:24:47","date_gmt":"2026-04-09T12:24:47","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=96049"},"modified":"2026-04-09T15:26:16","modified_gmt":"2026-04-09T12:26:16","slug":"password-123456-exposes-a-dprk-it-worker-network-in-crypto","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/password-123456-exposes-a-dprk-it-worker-network-in-crypto\/","title":{"rendered":"Password ‘123456’ exposes a DPRK IT-worker network in crypto"},"content":{"rendered":"

North Korean IT specialists have been posing as ordinary developers to join crypto projects they later try to compromise, according to on-chain sleuth ZachXBT.<\/p>\n

\n

1\/ Recently an unnamed source shared data exfiltrated from an internal North Korean payment server containing 390 accounts, chat logs, crypto transactions.<\/p>\n

I spent long hours going through all of it, none of which has ever been publicly released.<\/p>\n

It revealed an intricate\u2026 pic.twitter.com\/aTybOrwMHq<\/a><\/p>\n

\u2014 ZachXBT (@zachxbt) April 8, 2026<\/a><\/p><\/blockquote>\n